On 11/13/2016 04:38 AM, Sec Tester wrote:
I guess the main benefit to having VPN on router is it takes that overhead off the
PCs CPU & memory.
But the paper is right, a lot of network hardware is backdoored. Especially the
cisco stuff. And im suspicious of the Chinese stuff too.
We should endeavor to run open source routers. But im not aware of any open
source modems? Im actually surprised someone hasnt cracked the proprietary DSL
code and leaked an open source modem.
I bet we would not like what we found in their proprietary code :/
Having a VPN-Proxy-VM offers the flexibility to chose what VMs directly connect
to the internet, and which VMs are routed through the VPN which is nice.
I've set my VPN-Proxy-VM using a minimal template, to future reduce the attack
You can also run the whonix-gw over the vpn, or vise versa.
I imagine since snowden said to the world he uses Qubes OS, the NSA have had
their team looking for ways in. I think qubes can be hardened much more than it
Its not just backdoors... IIRC the NSA and probably other groups greatly
prefer to attack routers for some reason. I think the reason is they are
generally neglected and insecure.
Quite frankly, there is all too much insecurity to go around... and I
don't even think software is the worst culprit anymore. We're all using
souped-up ancient architectures that expose us to things like 'DRAMA'
and it seems there is little-to-no innovation with respect to more
secure hardware architecture. Qubes tries to propose new architecture in
software, but I worry even it may not be enough.
Router vs laptop: If we regard a well-maintained OpenWRT router as more
secure than Qubes on a laptop, then we've given up on link encryption in
our applications (HTTPS, ZRTP, etc.) by implication. Then the only way
to have reliable link encryption is to have everyone we communicate with
sitting at home connecting to a single VPN server... each from their
router-bound VPN clients... tethered by an ethernet cable between router
and PC. Egads.
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to email@example.com.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.